chore(deps): bump the npm_and_yarn group across 1 directory with 13 updates#2982
chore(deps): bump the npm_and_yarn group across 1 directory with 13 updates#2982dependabot[bot] wants to merge 1 commit into
53 new alerts including 29 high severity security vulnerabilities
New alerts in code changed by this pull request
Security Alerts:
- 29 high
- 21 medium
- 3 low
Alerts not introduced by this pull request might have been detected because the code changes were too large.
See annotations below for details.
Annotations
Check failure on line 13505 in package-lock.json
Code scanning / Trivy
axios: Axios: Prototype pollution allows information disclosure and request manipulation High
Check failure on line 13505 in package-lock.json
Code scanning / Trivy
axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution High
Check failure on line 13505 in package-lock.json
Code scanning / Trivy
axios: Axios: Information disclosure due to prototype pollution vulnerability High
Check failure on line 13505 in package-lock.json
Code scanning / Trivy
axios: Axios: Information disclosure of proxy credentials via HTTP redirects High
Check failure on line 13505 in package-lock.json
Code scanning / Trivy
axios: Axios: Information disclosure of proxy credentials via redirect flows High
Check failure on line 13505 in package-lock.json
Code scanning / Trivy
axios: Axios: Denial of Service due to unenforced request and response size limits High
Check failure on line 13505 in package-lock.json
Code scanning / Trivy
axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name High
Check failure on line 20974 in package-lock.json
Code scanning / Trivy
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability High
Check failure on line 23063 in package-lock.json
Code scanning / Trivy
lodash: lodash: Arbitrary code execution via untrusted input in template imports High
Check failure on line 23069 in package-lock.json
Code scanning / Trivy
lodash: lodash: Arbitrary code execution via untrusted input in template imports High
Check failure on line 23487 in package-lock.json
Code scanning / Trivy
nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode High
Check failure on line 24204 in package-lock.json
Code scanning / Trivy
uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality High
Check failure on line 26585 in package-lock.json
Code scanning / Trivy
minimatch: minimatch: Denial of Service via specially crafted glob patterns High
Check failure on line 26585 in package-lock.json
Code scanning / Trivy
minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns High
Check failure on line 26585 in package-lock.json
Code scanning / Trivy
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions High
Check failure on line 31889 in package-lock.json
Code scanning / Trivy
node-fetch: exposure of sensitive information to an unauthorized actor High
Check failure on line 32968 in package-lock.json
Code scanning / Trivy
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() High
Check failure on line 35004 in package-lock.json
Code scanning / Trivy
tmp is a temporary file and directory creator for node.js. Prior to 0. ... High
Check failure on line 35934 in package-lock.json
Code scanning / Trivy
uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality High
Check failure on line 36677 in package-lock.json
Code scanning / Trivy
ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments High
Check failure on line 13505 in package-lock.json
Code scanning / Trivy
axios: Axios: NO_PROXY bypass via crafted URL High
Check failure on line 13505 in package-lock.json
Code scanning / Trivy
axios: Axios: Arbitrary HTTP header injection via prototype pollution High
Check failure on line 13505 in package-lock.json
Code scanning / Trivy
axios: Axios: HTTP Transport Hijacking via Prototype Pollution High
Check failure on line 7693 in package-lock.json
Code scanning / Trivy
uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality High
Check failure on line 6446 in package-lock.json
Code scanning / Trivy
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions High